CyberSecurity SEE

Canon Printer Vulnerability Enables Attackers to Execute Arbitrary Code

A recent discovery of a security vulnerability in certain Canon printer drivers has raised concerns among users and businesses worldwide. Tracked as CVE-2025-1268, this flaw has the potential to allow attackers to execute arbitrary code, posing a significant risk to the affected systems.

The flaw is an out-of-bounds vulnerability in printer drivers for office multifunction printers, small office printers, production printers, and laser printers. Canon, the manufacturer of the affected devices, has acknowledged the issue and is urging users to update their printer driver software promptly to mitigate the risk of exploitation.

The vulnerability lies in the EMF Recode processing of the affected printer drivers, which mishandles certain operations and so gives attackers an opportunity to execute arbitrary code. When a print job is processed by a malicious application, the vulnerability could compromise the confidentiality, integrity, and availability of the affected system.

According to the Common Vulnerability Scoring System (CVSS) v3.1, this flaw has been given a Base Score of 9.4, indicating a severe risk level. The breakdown of the CVSS rating highlights the ease of exploitation and the significant impact it could have on systems using the affected printer drivers.

The affected Canon printer drivers are the Generic Plus PCL6 Printer Driver, Generic Plus UFR II Printer Driver, Generic Plus LIPS4 Printer Driver, Generic Plus LIPSLX Printer Driver, and Generic Plus PS Printer Driver, in each case version V3.12 and earlier. Because these drivers are used widely across various types of devices, the issue could have global implications for businesses relying on Canon printers.

To address the vulnerability, Canon has announced that updated printer drivers will be made available through the websites of their local sales representatives. Users are strongly advised to check for updates and install the latest driver versions promptly to protect their systems from potential exploitation.
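To act on the affected-driver list and the update advice above, a fleet inventory can be triaged against the V3.12 threshold. The following is an added example, not code from Canon or the article; it assumes a `host,driver,version` CSV export whose driver names contain the family names as written above and whose versions use Canon's "V3.12" style, and the sample rows (including the V3.15 and V1.00 values) are constructed.

```python
import csv
import io
import re

# Driver families and threshold as stated in the article.
AFFECTED = re.compile(r"Generic Plus\s+(PCL6|UFR II|LIPS4|LIPSLX|PS)", re.I)
LAST_AFFECTED = (3, 12)  # "V3.12 and earlier"

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """\
host,driver,version
ws-01,Canon Generic Plus PCL6,V3.12
ws-02,Canon Generic Plus UFR II,V2.90
ws-03,Canon Generic Plus PS3,V3.15
ws-04,Canon Generic Plus LIPSLX,
ws-05,Example Vendor Universal PCL,V1.00
"""


def parse_version(text):
    """Turn 'V3.12' or '3.12.0.1' into a tuple of ints; None if unparseable."""
    m = re.fullmatch(r"[Vv]?\s*(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(name, version_text):
    """Return 'not-applicable', 'affected', 'fixed' or 'unknown-version'."""
    if not AFFECTED.search(name):
        return "not-applicable"
    version = parse_version(version_text)
    if version is None:
        return "unknown-version"  # needs manual review; never assume fixed
    # Assumption: major and minor compare as integers, so (2, 90) < (3, 12).
    major_minor = (version + (0, 0))[:2]
    return "affected" if major_minor <= LAST_AFFECTED else "fixed"


def triage(csv_text):
    """Map each host in a host,driver,version export to its driver status."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["driver"], r["version"] or "") for r in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as `unknown-version` should be checked by hand rather than treated as patched.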

Canon has expressed appreciation to the Microsoft Offensive Research and Security Engineering (MORSE) Team for identifying and reporting the vulnerability. This collaborative effort enabled Canon to respond swiftly and effectively to mitigate risks for its customers.

In light of vulnerabilities like CVE-2025-1268, it is crucial for users to take proactive security measures by ensuring their software is up to date, monitoring systems for unusual activity, and securing networks with firewalls and other security measures. This incident underscores the importance of staying vigilant and taking steps to protect modern IT environments from potential threats.

Overall, the discovery of this security vulnerability serves as a reminder of the importance of cybersecurity in today’s digital landscape. By staying informed and implementing best practices, users and businesses can reduce the risk of falling victim to cyberattacks and data breaches.
